Main Menu
Log in
Create an account
Login

How to create a secure password

how to create a secure password
Picture of Richard Heinrich

Richard Heinrich

Richard is Chief Operating Officer at InfoTrack. He has worked with law firms for more than a decade to advise on adapting to regulatory and technological change.
Avoiding Efiling Rejections Ebook Banner

Most people, legal professionals included, make up terrible passwords.

We know this because, after major hacks of big name websites, details of the passwords used are often revealed to the public. After one such hack, it was revealed that the most common three passwords were “123456,” “password,” and “12345678.”

It’s okay, though. It’s not as though lawyers are in possession of large quantities of sensitive and confidential data that’s just a password away from being accessed by any passing cyber criminal. Oh…

Read more: Why all law firms need to worry about cyber security >>

A strong password is, therefore, a critical first step in any effort to get data secure.

What makes a password strong?

A good, secure password is long, unique, not found in the dictionary, and contains a mixture of upper and lower case letters as well as numbers, and symbols.

  • Long — For many years, it was recommended that passwords be between six and eight characters long. That’s no longer good enough according to security experts. To be confident that software won’t be able to guess your password, 12-14 characters is now recommended.
  • UniqueYou really must try not to use the same password for multiple websites. The reason is obvious: a vulnerability on one website that results in your password being hacked could expose you to all sorts of problems elsewhere.
  • Not found in the dictionaryAvoid using real words or names. It’s the simplest thing in the world for a hacker to automatically run through every word in the dictionary in an effort to crack your password.
  • A mixture of letters, numbers, and symbolsThe simplest way to avoid using dictionary words is switch out letters with numbers and symbols (“L” with “1”, “O” “0”, and “A” with “@,” and so on). Try to add some additional numbers, if you can.

Tricky, eh? Good advice to achieving the above is to make a memorable, unusual sentence — “I am a 29-year old 7-foot tall giant metal monster” for instance — and then to take the first letter of each word with punctuation: “Iaa29-yo7-ftfmm.”

Extra security

Two-step authentication

Multi-factor authentication is by far the most secure way to access websites that contain a lot of serious information (such as your practice management software).

It works by combining something you know (your password), with something you can receive a one-time code on (usually your phone). Enable two-step authentication and a hacker must not only know your password but successfully steal and hack into your phone as well.

Biometrics

Selfies may soon replace passwords. At least that’s if the security gurus at Mastercard get their way. Biometric data that are unique to every individual — like fingerprints, retinas, and facial dimensions —  are an increasingly common way to access devices. However, for the time being, they’re far from perfect and easily hacked. For genuine security, you might want to stick to a password for now.

Read more: 5 steps to getting serious about law firm cyber security >>

Password Managers

The problem with having to write long, unique, and complicated passwords for every website you log into is that they’re very difficult to remember. The solution is to make use of a password manager like KeePass, 1Password, or LastPass.

These tools store your individual passwords for each website that you need to access and help you log in automatically via a single, master password. It is this master password — the one for the password manager — that you have to remember.

Okay, so I can hear you crying out: “But what if the password manager site gets hacked!” It’s a fair question, and it isn’t impossible.

However, not all hacks are equal. Given that the entire business model of these password management websites is to protect passwords it’s unsurprising that they layer encryption upon encryption upon encryption. Even if your password manager was hacked, the chances of your passwords being revealed are very low.

Of course, another option is simply to write your passwords down and then keep them in a secure place. It sounds absurd, but Vox recently suggested that it might actually be one of the most secure ways to manage your passwords.

Just keep the bits of paper safe.

***

A free guide for improving your eFiling process

Ebook Banner Cta Efiling Rejections

Get up to speed with avoiding rejections and learn how you can improve your workflows. Download it and share it with your colleagues so you don’t have to worry about rejections again.

Contents
    Add a header to begin generating the table of contents

    Share this article on social media:

    More to explore

    What is One Legal?

    We’re California’s leading litigation services platform, offering eFiling, process serving, and courtesy copy delivery in all 58 California counties. Our simple, dependable platform is trusted by over 20,000 law firms to file and serve over a million cases each year.

    Request a demo
    One Legal Dashboard

    All of your litigation support needs at your fingertips

    Get started today

    © InfoTrack US, Inc.

    You're invited!

    Join us for the next festive Beyond the Serves, where COO Richard Heinrich will discuss how the different “dishes” of the One Legal platform work together to create a delicious meal.

    Don’t miss this the chance to fill up on this One Legal feast that has all the sides you’re looking for. 

    • 00Days
    • 00Hours
    • 00Minutes
    • 00Seconds
    Register for webinar
    LIVE NOW

    Legal Up Virtual Conference

    Register now to get actionable strategies and inspiration to level up your legal career.

    Register now